Configure the Edge UI to store session information in memory

Edge for Private Cloud v. 4.18.01

Note: This feature is available in Edge version 4.17.01.01 and
later.

By default, when a user logs out of the Edge UI, the session cookie for the user is deleted.
However, while the user is logged in, malware or other malicious software running on the user's
system could obtain the cookie and use it to access the Edge UI. This risk is not specific
to the Edge UI itself, but stems from the security of the user's system.

As an added level of security, you can configure the Edge UI to store information about
current sessions in server memory. When the user logs out, their session information is deleted,
preventing another user from using the cookie to access the Edge UI.

Note: If the Edge UI server ever goes down, all session information
stored in memory is lost and all users must log in again after the server comes back up.

This feature is disabled by default. Before you enable this feature, your system must meet
one of the following requirements:

Your system uses a single Edge UI server.

Your system uses multiple Edge UI servers with a load balancer, and the load balancer is
configured to use sticky sessions.

If your system meets these requirements, then use the following procedure to enable the Edge
UI to track user sessions in memory:

Open the ui.properties file in an editor. If the file does not exist, create it:
> vi /opt/apigee/customer/application/ui.properties

Set the following properties in the file:
conf_apigee_apigee.feature.expireSessionCookiesInternally="true"
conf_apigee_apigee.feature.trackSessionCookies="true"

Save your changes.

Make sure the properties file is owned by the 'apigee' user:
> chown apigee:apigee /opt/apigee/customer/application/ui.properties
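
To confirm the settings from the procedure above, the following check reads a ui.properties file and reports whether both properties are set to true and the file has the expected owner. It is an added example, not part of the Apigee documentation; the function names are illustrative, and it assumes the last uncommented assignment of a key is the one that applies.

```sh
#!/bin/sh
# Added example: verify the session-tracking settings in ui.properties.
# Assumption: the last uncommented assignment of a key is the effective one.

# Print the value of property $2 in file $1, surrounding quotes stripped.
prop_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print "user:group" owning file $1.
file_owner() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# check_ui_props FILE [OWNER]: return 0 if every check passes, 1 otherwise.
check_ui_props() {
    file=$1
    want_owner=${2:-apigee:apigee}
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi
    for key in conf_apigee_apigee.feature.expireSessionCookiesInternally \
               conf_apigee_apigee.feature.trackSessionCookies; do
        val=$(prop_value "$file" "$key")
        if [ "$val" = "true" ]; then
            echo "ok:   $key=true"
        else
            echo "FAIL: $key is '${val:-unset}', expected true"
            rc=1
        fi
    done
    owner=$(file_owner "$file")
    if [ "$owner" = "$want_owner" ]; then
        echo "ok:   owner is $owner"
    else
        echo "FAIL: owner is $owner, expected $want_owner"
        rc=1
    fi
    return $rc
}

# Run against the file named on the command line, if any.
if [ $# -gt 0 ]; then check_ui_props "$@"; fi
```

Run it as the script name followed by /opt/apigee/customer/application/ui.properties; a non-zero exit status means at least one check failed.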